On Tue, May 14, 2019 at 10:30 AM John Young <jya@pipeline.com> wrote:
What's the security benefit of Red Balloon's attacks? Is this not a type of extortion or maybe angling for bragging rights, a bribe to keep quiet or a buy-out from deep-pocketed targets. Hard to distinguish white hats from black and gray (also Red Hat), sanctimony from villainy. All emulating national security racketeering, or more like religious whipsawing fear and salvation.
Leaking secrets has become a masturbation porn racket too, always was, mea culpa.
The security benefit is to shame/encourage/force Cisco to fix the problem. The unknown is just how long these problems have been known to hostile forces, however one might define them. That Red Balloon gets some bragging rights is fine by me. Kurt